Spotlight Snooping other user accounts - stop it

Set up user account to access system

Have three accounts on my laptops. Adding a folder/volume in the privacy pane and it won't be listed in another's account.

"Authenticated results
On systems with separate user accounts, Spotlight respects the boundaries of users’ personal files—even though there is only one index per volume. When the Spotlight engine finds a set of results, it uses Mach messaging to communicate with the kernel and determine whether the current user has access to all of the data. Any files that the user isn’t permitted to see drop off the results list. Because Spotlight is tightly integrated with the file system and the kernel, this check takes no additional time. In fact, the whole process is transparent to the user. This mechanism works even if you’re applying
access control lists (ACLs) to your user accounts."

I must say that I haven't used the user account feature for quite. However, I just went a created a few accounts on my laptop and now that I recall why I haven't been using it.

The primary reason is that I couldn't share certain applications unless I purchased another copy. Now, however, after conducting some scenarios, I think I have an excellect reason to employ user accounts and in particular FileVault. And that is security.

One of the primary uses for my laptop is for client presentation. Many times, I have been most reluctant to leave the room with my laptop wide open for prying eyes. So, what I have just done is along with FileVault is to set up 'Client' user accounts, which contains only those things that I would permit a client to see or access.

When you create a User's Account, anything that is created by the user can only be stored in the users account and will not be available to anyone else unless the user puts in the shared folder. In addition, the user cannot modify anything in anyone elses account unless the 'other' user let's you by 'sharing' the item.

Now, from what I can see, when I use Spotlight, it does not identify that the user has not allowed to be shared. However, folders created on a user's desktop can show up, but it can't be opened.

From what I tested, a user cannot just add anything to the Privacy pane, ie., only those items that the user created.

If you are getting a different reaction, please let me know.

Don't know what you are talking about. When I search for a file, it does not list those on another users account.

This should do it.

"Note: If your computer has multiple user accounts, any files that reside at the top level of each user's Home folder will also be indexed and searchable by Spotlight, even though they cannot be modified. However, all files and folders located within a user's Desktop, Documents, Library, Music, Movies, and Pictures folders will not be indexed nor can they be searched by other user accounts using Spotlight."

Your only real option is to tell the other users to store their stuff in a folder that is not accessible-change the permissions, or to use the location criteria available in Cmd-F to limit the search location to your home folder.

In other words-don't use the menubar spotlight. Instead search through the Finder's search window. On the gray bar above the criteria buttons, select 'Home' to limit the results to your home folder.

I think I understand it. Spotlight is able to find file created by other users but were stored outside of their /Users/<username> folders right?

As far as I understand spotlight, it will not display other Users files as long as they reside within the /Users/<username> folders (except for shared)

If another user saves files outside of their /Users/<username> then yes, it becomes essentially a "public" file accessible to all, unless you change the permissions of it (which won't necessarily exclude it from spotlight)

So, each user should keep their files within their user folders.

I stand corrected.

I had tested searching other user accounts before getting no results from other users. It never occurred to create a new folder within the user. I just tried it though and it DOES return results.

I wonder if that's intentional or is just a bug that will be corrected.

The only reason a folder would be private-not visible to another user-is the permissions set on that folder. I think the user folder is just a convenient way of looking at the organization of files but there's really nothing special about a user folder that makes it different from any other folder-at least not as far as the system is concerned. Therefore when Spotlight goes out looking for files, its concern is whether or not the user running the search has permission to view the items it has found, not whether or not they are in another user's home folder..